Added owner id to comment categories.

database/2020_05_30_142750_add_owner_id_to_comments.php

@@ -0,0 +1,26 @@
+<?php
+namespace Misuzu\DatabaseMigrations\AddOwnerIdToComments;
+
+use PDO;
+
+function migrate_up(PDO $conn): void {
+    $conn->exec("
+        ALTER TABLE `msz_comments_categories`
+            ADD COLUMN `owner_id` INT UNSIGNED NULL DEFAULT NULL AFTER `category_name`,
+            ADD INDEX `comments_categories_owner_foreign` (`owner_id`),
+            ADD CONSTRAINT `comments_categories_owner_foreign`
+                FOREIGN KEY (`owner_id`)
+                REFERENCES `msz_users` (`user_id`)
+                ON UPDATE CASCADE
+                ON DELETE SET NULL;
+    ");
+}
+
+function migrate_down(PDO $conn): void {
+    $conn->exec("
+        ALTER TABLE `msz_comments_categories`
+            DROP COLUMN `owner_id`,
+            DROP INDEX `comments_categories_owner_foreign`,
+            DROP FOREIGN KEY `comments_categories_owner_foreign`;
+    ");
+}

public/comments.php

@@ -63,7 +63,7 @@ if($commentId > 0)
 switch($commentMode) {
     case 'pin':
     case 'unpin':
-        if(!$commentPerms['can_pin']) {
+        if(!$commentPerms['can_pin'] && !$commentInfo2->isOwner($currentUserInfo)) {
             echo render_info_or_json($isXHR, "You're not allowed to pin comments.", 403);
             break;
         }
@@ -103,7 +103,7 @@ switch($commentMode) {
         break;
 
     case 'vote':
-        if(!$commentPerms['can_vote']) {
+        if(!$commentPerms['can_vote'] && !$commentInfo2->isOwner($currentUserInfo)) {
             echo render_info_or_json($isXHR, "You're not allowed to vote on comments.", 403);
             break;
         }
@@ -129,7 +129,7 @@ switch($commentMode) {
         break;
 
     case 'delete':
-        if(!$commentPerms['can_delete']) {
+        if(!$commentPerms['can_delete'] && !$commentInfo2->isOwner($currentUserInfo)) {
             echo render_info_or_json($isXHR, "You're not allowed to delete comments.", 403);
             break;
         }
@@ -205,7 +205,7 @@ switch($commentMode) {
         break;
 
     case 'create':
-        if(!$commentPerms['can_comment']) {
+        if(!$commentPerms['can_comment'] && !$commentInfo2->isOwner($currentUserInfo)) {
             echo render_info_or_json($isXHR, "You're not allowed to post comments.", 403);
             break;
         }

src/Comments/CommentsCategory.php

@@ -14,14 +14,16 @@ class CommentsCategory implements JsonSerializable {
     // Database fields
     private $category_id = -1;
     private $category_name = '';
+    private $owner_id = null;
     private $category_created = null;
     private $category_locked = null;
 
     private $postCount = -1;
+    private $owner = null;
 
     public const TABLE = 'comments_categories';
     private const QUERY_SELECT = 'SELECT %1$s FROM `' . DB::PREFIX . self::TABLE . '` AS '. self::TABLE;
-    private const SELECT = '%1$s.`category_id`, %1$s.`category_name`'
+    private const SELECT = '%1$s.`category_id`, %1$s.`category_name`, %1$s.`owner_id`'
         . ', UNIX_TIMESTAMP(%1$s.`category_created`) AS `category_created`'
         . ', UNIX_TIMESTAMP(%1$s.`category_locked`) AS `category_locked`';
 
@@ -42,6 +44,21 @@ class CommentsCategory implements JsonSerializable {
         return $this;
     }
 
+    public function getOwnerId(): int {
+        return $this->owner_id < 1 ? -1 : $this->owner_id;
+    }
+    public function hasOwner(): bool {
+        return $this->owner_id !== null;
+    }
+    public function getOwner(): User {
+        if($this->owner === null && ($ownerId = $this->getOwnerId()) >= 1)
+            $this->owner = User::byId($ownerId);
+        return $this->owner;
+    }
+    public function isOwner(User $user): bool {
+        return $this->hasOwner() && $user->getId() === $this->getOwnerId();
+    }
+
     public function getCreatedTime(): int {
         return $this->category_created === null ? -1 : $this->category_created;
     }